Search in sources :

Example 1 with CryptedSimpleCredentials

use of org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentials in project jackrabbit by apache.

the class UserImplTest method testCredentials.

public void testCredentials() throws RepositoryException, NoSuchAlgorithmException, UnsupportedEncodingException {
    User u = (User) userMgr.getAuthorizable(uID);
    Credentials uc = u.getCredentials();
    assertTrue(uc instanceof CryptedSimpleCredentials);
    assertTrue(((CryptedSimpleCredentials) uc).matches((SimpleCredentials) creds));
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) CryptedSimpleCredentials(org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentials) User(org.apache.jackrabbit.api.security.user.User) CryptedSimpleCredentials(org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentials) SimpleCredentials(javax.jcr.SimpleCredentials) CryptedSimpleCredentials(org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentials) Credentials(javax.jcr.Credentials)

Example 2 with CryptedSimpleCredentials

use of org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentials in project jackrabbit by apache.

the class UserImplTest method testChangePassword.

public void testChangePassword() throws RepositoryException, NotExecutableException, NoSuchAlgorithmException, UnsupportedEncodingException {
    User u = (User) userMgr.getAuthorizable(uID);
    String sha1Hash = "{" + SecurityConstants.DEFAULT_DIGEST + "}" + Text.digest(SecurityConstants.DEFAULT_DIGEST, "abc".getBytes());
    String md5Hash = "{md5}" + Text.digest("md5", "abc".getBytes());
    // valid passwords and the corresponding match
    Map<String, String> pwds = new HashMap<String, String>();
    // plain text passwords
    pwds.put("abc", "abc");
    pwds.put("{a}password", "{a}password");
    // passwords with hash-like char-sequence -> must still be hashed.
    pwds.put(sha1Hash, sha1Hash);
    pwds.put(md5Hash, md5Hash);
    pwds.put("{" + SecurityConstants.DEFAULT_DIGEST + "}any", "{" + SecurityConstants.DEFAULT_DIGEST + "}any");
    pwds.put("{" + SecurityConstants.DEFAULT_DIGEST + "}", "{" + SecurityConstants.DEFAULT_DIGEST + "}");
    for (String pw : pwds.keySet()) {
        u.changePassword(pw);
        String plain = pwds.get(pw);
        SimpleCredentials sc = new SimpleCredentials(u.getID(), plain.toCharArray());
        CryptedSimpleCredentials cc = (CryptedSimpleCredentials) u.getCredentials();
        assertTrue(cc.matches(sc));
    }
    // valid passwords, non-matching plain text
    Map<String, String> noMatch = new HashMap<String, String>();
    noMatch.put("{" + SecurityConstants.DEFAULT_DIGEST + "}", "");
    noMatch.put("{" + SecurityConstants.DEFAULT_DIGEST + "}any", "any");
    noMatch.put(sha1Hash, "abc");
    noMatch.put(md5Hash, "abc");
    for (String pw : noMatch.keySet()) {
        u.changePassword(pw);
        String plain = noMatch.get(pw);
        SimpleCredentials sc = new SimpleCredentials(u.getID(), plain.toCharArray());
        CryptedSimpleCredentials cc = (CryptedSimpleCredentials) u.getCredentials();
        assertFalse(pw, cc.matches(sc));
    }
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) CryptedSimpleCredentials(org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentials) User(org.apache.jackrabbit.api.security.user.User) HashMap(java.util.HashMap) CryptedSimpleCredentials(org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentials)

Example 3 with CryptedSimpleCredentials

use of org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentials in project jackrabbit by apache.

the class UserImplTest method testLoginWithCryptedCredentials.

public void testLoginWithCryptedCredentials() throws RepositoryException {
    User u = (User) uMgr.getAuthorizable(uID);
    Credentials creds = u.getCredentials();
    assertTrue(creds instanceof CryptedSimpleCredentials);
    try {
        Session s = getHelper().getRepository().login(u.getCredentials());
        s.logout();
        fail("Login using CryptedSimpleCredentials must fail.");
    } catch (LoginException e) {
    // success
    }
}
Also used : User(org.apache.jackrabbit.api.security.user.User) CryptedSimpleCredentials(org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentials) LoginException(javax.jcr.LoginException) SimpleCredentials(javax.jcr.SimpleCredentials) CryptedSimpleCredentials(org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentials) Credentials(javax.jcr.Credentials) Session(javax.jcr.Session)

Example 4 with CryptedSimpleCredentials

use of org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentials in project jackrabbit by apache.

the class UserImplTest method testUserImplHasCryptedSimplCredentials.

public void testUserImplHasCryptedSimplCredentials() throws RepositoryException, NotExecutableException {
    User user = getTestUser(superuser);
    Credentials creds = user.getCredentials();
    assertNotNull(creds);
    assertTrue(creds instanceof CryptedSimpleCredentials);
    assertEquals(((CryptedSimpleCredentials) creds).getUserID(), user.getID());
}
Also used : User(org.apache.jackrabbit.api.security.user.User) CryptedSimpleCredentials(org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentials) SimpleCredentials(javax.jcr.SimpleCredentials) CryptedSimpleCredentials(org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentials) Credentials(javax.jcr.Credentials)

Aggregations

SimpleCredentials (javax.jcr.SimpleCredentials)4 User (org.apache.jackrabbit.api.security.user.User)4 CryptedSimpleCredentials (org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentials)4 Credentials (javax.jcr.Credentials)3 HashMap (java.util.HashMap)1 LoginException (javax.jcr.LoginException)1 Session (javax.jcr.Session)1